I’ve been known to stare at my monitor, humming a few bars of – “IM malware go away, and come back another day”, from time to time. Doesn’t seem to work though. 🙂 IM malware never goes away – it just fades into the malware background chatter.
Despite the fact that Instant Messenger malware (which has been with us since 2005, or so), doesn’t create much of a fuss, and seems to prefer to stay just below the horizon, it’s as dangerous as it’s ever been.
In business, when something works, why bother to reinvent the wheel. A little nip here; a little tuck there and hey – you’re still in business! No surprise then, when we see that cybercriminals subscribe to this business philosophy.
– Yahoo Instant Messenger Under Attack Again or Still? (May 4, 2010)
It’s easy to forget about the risks associated with Instant Messaging precisely because of this lack of profile. Until, that is, IM malware comes knocking – hard – like now!
BitDefender’s, Bogdan Botezatu, reports in a recent Blog post, that Yahoo Messenger is currently under attack – and, taking a hard knocking.
From the Blog:
New Yahoo Messenger 0-Day Exploit Hijacks User’s Status Update…and spreads malware, of course!
A newly discovered exploit in version 11.x of the Messenger client (including the freshly-released 220.127.116.11-us) allows a remote attacker to arbitrarily change the status message of virtually any Yahoo Messenger user that runs the vulnerable version.
Since you’re an astute and educated user, none of this comes as a surprise, I’m sure. But, what about a typical user – would he/she be surprised, do you suppose?
Let’s take a look –
In a recent Symantec survey, which questioned computer users on the most likely routes cybercriminals use to drop malware on unsuspecting users – just 3.9% of survey participants believed that Instant Messenger applications had a role in malware distribution.
Unfortunately, the only surprise here is – this is not a surprise.
The harsh reality is, from a security perspective, Instant Messaging applications can present considerable security risks. So naturally, cyber-criminals use Instant Messaging as a primary channel to distribute malware and scams.
We’ve talked about IM security a number of times here, but with this ongoing attack, a quick refresher might be in order.
As with any other application you use on the Internet, having the knowledge that allows you to use it safely, and being aware of current threats, will make for a more positive experience when using these wildly popular applications.
The following is a series of sensible tips for users to get the most out of these programs, securely and responsibly.
Don’t click on links, or download files from unknown sources. You need to be alert to the dangers in clicking on links, or downloading files from sources that are not known to you. Even if the files or links apparently come from someone you know, you have to be positive that it really was this person who has sent the message.
Check with your contact to be sure the files, or links are genuine. Remember, if you click on those links, or run those attachments without confirmation, you run the risk of letting malware into your computer.
Use only secure passwords, and be sure to change them regularly. The longer and more varied they are – using a variety of different characters and numbers – the more secure they will be.
Protect personal and confidential information when using IM. Revealing confidential or personal information in these types of conversations, can make you an easy target for Internet predators.
For added protection when using a public computer, ensure that you disable any features that retain login information to prevent other users from gaining access to your instant messaging once you leave.
It’s virtually impossible to avoid publishing your email address on the Internet, however do so only when absolutely necessary. Cyber criminals are always on the lookout for accounts to target.
The risk here goes beyond malware, as sadly, they could come into contact with undesirable individuals. The risk is low of course, but……..
Elsewhere in this Blog, you can read an article on protecting your children on the Internet and download free software, Parental Control Bar, to help you do just that.
BTW, you can hum “IM malware go away, and come back another day”, to the new version of that old familiar tune – Rain Rain Go Away.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.